SSL.com

Cybersecurity Roundup June 2023

Massive Data Breach Hits California’s CalPERS and CalSTRS: Personal Information of 769,000 Retirees Compromised

Hackers have compromised the personal information of roughly 769,000 retirees and beneficiaries in the California Public Employees’ Retirement System (CalPERS). The intrusion was caused by a flaw in a vendor’s cybersecurity system. CalPERS, the nation’s largest pension system, is taking immediate steps to safeguard members’ financial interests and preserve long-term security. 

CalSTRS, the nation’s second-largest pension system, also experienced a compromise via the same vendor but has not provided specifics. Both systems will notify impacted individuals in accordance with the law. The hackers claim to have targeted various businesses and government institutions around the world, with approximately 100 organizations admitting that their personal data has been stolen. 

The breach impacts pensioners from a variety of industries, including state personnel, government agencies, school systems, courts, and the California legislature. CalPERS is providing affected members with two years of free credit monitoring and identity restoration services through Experian. 

The slow notification of affected individuals has been criticized. The vendor disclosed the intrusion to CalPERS on June 6, triggering rapid action to safeguard member accounts. The hackers took advantage of a flaw in the vendor’s data transfer application, which is widely used in the healthcare industry. 

CalPERS explains that its own systems are secure, and retiree monies are safe. Retirees should monitor their accounts and credit reports on a regular basis for any questionable behavior. Identity theft and fraud should be reported to the authorities. 

SSL.com Response: The recent data breach that compromised the personal information of about 769,000 CalPERS and CalSTRS retirees and beneficiaries serves as a reminder of the critical need of enterprises to prioritize effective cybersecurity measures. Such instances can have far-reaching effects, not only in terms of financial loss and identity theft for the individuals involved, but also in terms of reputational harm and public confidence erosion for the institutions concerned. 

Given this compromise, it is critical that institutions such as CalPERS and CalSTRS investigate effective solutions to improve their data security processes.  

Client Authentication Certificates can prevent data breaches such as this by adding an additional layer of security to the authentication process. 

Client Authentication certificates are used to authenticate the identity of a client or user accessing a system or application. By using these certificates, the server can verify that the client attempting to access the system is genuine and not a malicious attacker. This prevents unauthorized access and ensures that only trusted clients can communicate with the server.

In this case, the breach occurred due to a flaw in the vendor’s cybersecurity system. By implementing Client Authentication certificates, the vendor could have enforced strict authentication requirements on their systems. This would have made it more difficult for the hackers to exploit the vulnerability and gain unauthorized access to the data.

 

Get started with SSL.com Client Authentication Certificates! 

Buy your SSL.com Client Authentication Certificates here

Vincera Institute Faces Potential Patient Data Breach in Ransomware Attack: Urgent Steps Taken to Safeguard Information

The Vincera Institute, a famous Philadelphia healthcare center, has issued a warning about a recent ransomware attack. While no indication of illegal access or exploitation of patient data has been found at this time, the attack has the potential to jeopardize personal and medical information. The institute acted quickly, enlisting the help of cybersecurity specialists to contain and mitigate the incident, with an emphasis on securing their systems and protecting patient data. Improved security processes, rigorous investigation and cleanup efforts, and cooperation with authorities are among the measures. Individuals who have been affected are asked to verify their financial accounts and insurance statements for any strange activity, to be wary of any phishing efforts, and to contact the institute’s support team for additional assistance.
SSL.com Response: The recent ransomware attack on Vincera Institute emphasizes the essential importance of strong cybersecurity measures in healthcare facilities. Such assaults pose a substantial risk to patient data security, compromising sensitive information and potentially having serious implications for both patients and the impacted institution. 

Healthcare establishments such as Vincera Institute can benefit from deploying Secure Email Certificates to improve data security and defend against potential attacks. Also known as S/MIME Certificates, Secure Email Certificates from SSL.com provide strong encryption and authentication for email communications, protecting the security and integrity of critical patient data. Healthcare businesses can strengthen their email communication channels and reduce the danger of unwanted access or interception of patient information by adopting these certificates. 

Healthcare facilities can use Secure Email Certificates to create a secure and trustworthy communication framework while safeguarding patient privacy and adhering to industry rules such as HIPAA. Healthcare practitioners may confidently transmit patient records, test results, and other confidential information by encrypting sensitive emails, protecting against potential breaches and unauthorized access.

 

Try SSL.com’s Secure Email Certificates to safeguard critical patient data, maintain HIPAA compliance, and strengthen your organization’s cybersecurity defenses.

Get your SSL.com Secure Email Certificates here

Stealth USB Espionage: WispRider Malware Spearheads Global Cyber Invasion  

Mustang Panda, a Chinese state-sponsored Advanced Persistent Threat (APT) gang, is spreading a novel malware version called WispRider via USB sticks around the world. The threat’s global reach was revealed after a European healthcare facility unintentionally inserted an infected USB drive into their systems, resulting in a widespread outbreak. WispRider’s capacity to self-promote via USB devices makes it a formidable infection carrier capable of breaking even air-gapped systems. 

WispRider, a highly advanced backdoor payload, is frighteningly sophisticated. It has been enhanced with new characteristics that allow it to avoid detection by antivirus software and change files when a benign USB thumb drive is plugged into an infected machine. This modification produces hidden folders on the thumb drive, masking the infection as a normal file that the user would most likely click on. 

This inventive and unobtrusive technique of distributing malware is troubling, especially given the widespread use of USB sticks. The ability of this malware to penetrate air-gapped computers merely adds to the concern, implying its capacity to enter high-security situations. The effective circumvention of certain antivirus solutions and exploitation of security software components highlights the critical need for powerful and advanced defense mechanisms.

SSL.com Response: USB devices can be used as part of a two-factor authentication (2FA) system to enhance the security of online accounts. While it’s true that any technology can have vulnerabilities, USB devices themselves are not inherently insecure for 2FA when implemented correctly. That being said, most industries are moving towards cloud-based systems for several key reasons. 

With a cloud service, users can access their authentication credentials and files from any device with an internet connection. This flexibility allows for seamless access and eliminates the need to carry a physical USB token. 

Cloud services can also easily scale to accommodate a large number of users without requiring additional physical tokens. This is particularly beneficial for organizations that have a growing user base or need to manage access for a distributed workforce. Adding or removing users can be done centrally without the need to distribute or collect USB tokens. 

Thirdly, cloud service providers invest heavily in security measures to protect user data. They employ encryption and other advanced security mechanisms to safeguard sensitive information. USB tokens, on the other hand, can be susceptible to physical theft, loss, or unauthorized access if not adequately protected. 

The advantages of a cloud service mentioned above are at the core of SSL.com’s eSigner cloud code signing service. eSigner allows users to conveniently add globally trusted digital signatures and timestamps to software code from anywhere, with no need for USB tokens, HSMs, or other special hardware. Code Signing Certificates enrolled in eSigner can protect against dangers like WispRider by authenticating the developer and validating the integrity of software code, effectively adding a layer of confidence to the end-user experience. Developers can assure users that code has not been altered since it was signed by applying a digital seal to their code. This could aid in the prevention of dangerous payloads buried within seemingly benign applications, such as WispRider.

 

Do not allow malicious actors to jeopardize the security of your systems and data. Using SSL.com’s eSIgner-enrolled Code Signing Certificates, you can ensure the integrity of your software.

Buy your SSSL.com Code Signing Certificate here

Video-Based Cryptographic Key Theft: Hackers Exploit Power LEDs from Afar

Researchers have developed a new attack method that uses video recordings of power LEDs to acquire secret encryption keys contained in smart cards and cellphones. The attack takes advantage of side channels, which are physical effects that leak from a device while performing cryptographic operations. Attackers can obtain enough information to recover secret keys by monitoring characteristics such as power consumption, sound, electromagnetic emissions, or operation timing. The new attack approach records power LEDs that show when a card reader or smartphone is activated using security cameras or iPhones. Video-based assaults are a non-intrusive and remote method of exploiting side channels, as they do not require specialized gear or physical closeness to the targeted device.
SSL.com Response: This study emphasizes the continued difficulties in safeguarding sensitive cryptographic procedures. Side-channel attacks, which take advantage of physical device peculiarities, represent a serious threat to the security of cryptographic keys. The use of video records as a side channel to exploit power LED changes highlights the need for comprehensive security measures that go beyond typical software-based safeguards. 

Internet of Things (IoT) devices must be secured to prevent such assaults. SSL/TLS certificates can be used to establish secure encrypted connections between clients and servers. By encrypting the data transmitted between a smart card or cellphone and the server, the attack method that relies on monitoring side channels, such as power consumption or electromagnetic emissions, becomes ineffective. The encryption ensures that the data is protected and cannot be easily intercepted or deciphered by attackers. 

When a client device connects to a server, it verifies the server’s identity by checking the server’s SSL/TLS certificate. This authentication process helps prevent man-in-the-middle attacks, where an attacker intercepts the communication between the client and server and poses as the legitimate server. By ensuring that the server is genuine and trusted, the risk of falling victim to the video-based attack approach is reduced.

Use SSL/TLS certificates to increase the security of your IoT devices against developing threats.

Secure your IoT Devices with SSL/TLS now!

SSL.com Announcements

Automate Validation and Issuance of Email Signing and Encryption Certificates for Employees 

Bulk enrollment is now available for Personal ID+Organization S/MIME Certificates (also known as IV+OV S/MIME), and NAESB Certificates through the SSL.com Bulk Order Tool. Bulk enrollment of Personal ID+Organization S/MIME and NAESB Certificates has the additional requirement of an Enterprise PKI (EPKI)  Agreement. An EPKI Agreement allows a single authorized representative of an organization to order, validate, issue, and revoke a high volume of these two types of certificates for other members, thereby enabling a faster turnaround in securing an organization’s data and communication systems.

 

New Key Storage Requirements for Code Signing Certificates 

< p align=”justify”>On June 1, 2023, SSL.com’s Organization Validation (OV) and Individual Validation (IV) Code Signing Certificates have been issued either on Federal Information Processing Standard 140-2 (FIPS 140-2) USB tokens or through our eSigner cloud code signing service. This change is in compliance with the Certificate Authority/Browser (CA/B) Forum’s new key storage requirements to increase security for code signing keys. The previous rule allowed OV and IV code signing certificates to be issued as downloadable files from the internet. Since the new requirements only allow the use of encrypted USB tokens or cloud-based FIPS compliant hardware appliances to store the certificate and private key, it is expected that instances of code signing keys being stolen and misused by malicious actors will be greatly reduced. Click this link to learn more about the SSL.com eSigner cloud code signing solution. 
Exit mobile version